Splunk Search

Ask a Question

Discussions

Thread Info

How to combine multiple values to single row

I want to divide different multi-values based on IP. Current results: IPdateeventrisk1.1.1.12022-01-012022-01-02a...

by Explorer in

How to display two lines in a linechart based on one value?

Dear Splunk Community, Every 5 minutes the following event is generated : 2022-01-05 21:20:33 : Running OR 20...

by Communicator in

Unable to extract from the field

Hello all, I am trying to extract an field from the below event and using the below add extraction, however thi...

by Path Finder in

Splunk regex ignore fields before match

I need to extract the contents of the message field into a json log, but the first strings must be ignored until 'std...

by Path Finder in

Remove Alike Values in a Field

Hello Splunk Answers, How can I remove this duplicate line? See sample below: From: row1 row2 row31.1....

by Path Finder in

How to Search for the Rows If at Least One Row in the Whole source Meets a Criteria

I want to search like: index=whatever "term_1" AND (at least one event in the source of the found record contains t...

by Explorer in

Exclude IP address returned from subsearch in main search

Hello, I've got a search query where I'm looking for unexpected ssh connections to my instances, but I've got one s...

by Explorer in

Break up search over large timeframe into searches of smaller timeframes

TLDR: I'm trying to automate the large 25 day search to break up into 25 separate one day searches. I'm updating a ...

by Explorer in

Log4J Search slows down after a few minutes (Large Query)

Log4J Query: index=* | regex _raw="(\$|%24)(\{|%7B)([^jJ]*[jJ])([^nN]*[nN])([^dD]*[dD])([^iI]*[iI])(:|%3A|\...

by Explorer in

Creating a new field from another field

Hi, Wondering if anyone can help. I am trying to create a new field called FS_Owner_Mail using |eval from both ...

by Engager in

Choose one result in Splunk table Query

Hello All, 1) I would like to add radio button / any way to select - one of the results of my below REST query sea...

by Explorer in

Search based on two different dropdowns

I have two dropdowns. I only want to run a single dropdown everytime for a search. Closed Dropdown has token value...

by Engager in

..

by Engager in

Find Ids of a table not in other search table

I have 2 type of search messages - Problem #1 Problem #5 and other one goes like this - Solved problem_id suc...

by Engager in

Daily and weekly discrete count in the same query?

I've got some queries I need to do periodically that use the exact same base search, one with teh weekly uniques and ...

by Explorer in

java curl splunk search produces error in SearchParser - missing a search command

In Java, I am trying to call a curl command that has a Splunk search to get contents of a lookup file. I've used ht...

by Path Finder in

How: transform csv field value, split, join and create dynamic field value pair

I use a lookup to define alert/SLO specifications. I use the lookups as input filters to my alert searches where I ca...

by Explorer in

extract pattern like splunk pattern

Hi, How can I extract pattern of raw data like pattern tab in splunk search? Thanks

by Motivator in

How to write field name in its value

Hi, How can I write the name of a field in the value like I have : test_1test_2test_3warnerrorcritical I wa...

by Builder in

How to reorganize a table

Hello, I have a table like that : customerprod_1prod_2prod_3customer_1 green customer_2red orange and I wou...

by Builder in

Limiting and grouping OTHER in stats command

Hi! I have a summarized field (docsReturned) by customer id that I would like to make a top X pie chart of, while sum...

by New Member in

filter time for specific range

| savedsearch cbp_inc_base | eval _time=strftime(opened_time, "%Y/%m/%d") || bin _time span=1d here _ time is g...

by Path Finder in

Want to merge two query with different fields in one

First queryindex = pcf_logs cf_org_name = creorg OR cf_org_name = SvcITDnFAppsOrg cf_app_name=VerifyReviewConsumerSer...

by New Member in

How to count every 15mins with complete time bucket

If I use bin _time as time span=15m | stats count by time on 17:20 for the past 1 hour, the result would be like .....

by Engager in

unable to convert epoch fomat to human readable format

When i convert following timestamp to human readable format i am getting "12/31/9999 23:59:59" instead of '01/04/22 0...

by Loves-to-Learn Everything in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to combine multiple values to single row

How to display two lines in a linechart based on one value?

Unable to extract from the field

Splunk regex ignore fields before match

Remove Alike Values in a Field

How to Search for the Rows If at Least One Row in the Whole source Meets a Criteria

Exclude IP address returned from subsearch in main search

Break up search over large timeframe into searches of smaller timeframes

Log4J Search slows down after a few minutes (Large Query)

Creating a new field from another field

Choose one result in Splunk table Query

Search based on two different dropdowns

..

Find Ids of a table not in other search table

Daily and weekly discrete count in the same query?

java curl splunk search produces error in SearchParser - missing a search command

How: transform csv field value, split, join and create dynamic field value pair

extract pattern like splunk pattern

How to write field name in its value

How to reorganize a table

Limiting and grouping OTHER in stats command

filter time for specific range

Want to merge two query with different fields in one

How to count every 15mins with complete time bucket

unable to convert epoch fomat to human readable format

Splunk App Dev Community Updates – What’s New and What’s Next

The Latest Cisco Integrations With Splunk Platform!

Enterprise Security Content Update (ESCU) | New Releases

How to show the line when its value is NULL with ...

Search for triggered save searches and their actio...

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Using Machine Learning Toolkit to detect auth abus...

Splunk Search

Are you a member of the Splunk Community?

Discussions